Half-baked Measures to control Privileged Access can Jeopardize IT Infra

July 05, 2019 | Privileged Accounts, SSO

ARCON recently came across a very interesting use case. Our pre-sales team was asked by one of the leading manufacturing organizations to provide a demo to understand the benefits of ARCON Privileged Access Management as its IT risk control team wanted to reinforce privileged access control for security purposes.

Following the demo, however, much to our surprise, the IT risk control team pointed out that they wanted to ensure security just by deploying an SSO. There is no denying that these tools offer a robust mechanism to allow privileged access in a controlled environment, but implementing only partial or half-baked privileged access management practices can jeopardize IT infra.

The mistakes often made

Organizations are doing their best to reinforce their security posture, mainly perimeter security, by deploying Intrusion Detection Systems and firewalls among many other advanced safeguards. However, there is often a lack of awareness when it comes to implementing best practices to secure the privileged accounts found within the inner realm of an organization.

Indeed, IT administrators and security officers very often acquire only partial knowledge of a Privileged Access Management (PAM) solution and assume that, instead of deploying the complete solution, multi-factor authentication, single sign-on or password vaulting alone would secure their critical information. It’s a huge mistake. Implementing best privilege management practices requires the IT security team not only to validate privileged access but also to assign privilege entitlements, including documenting every privileged session log and monitoring it. It is important to note that privileged access management is a combination of multiple security safeguards that together ensure the security of privileged accounts.

Just think of an organization that deploys Single Sign-On only, which gives one-time secure administrative access to target systems. While an SSO ensures non-escalation of privileged accounts, it does leave a security gap, as there is no rule- and role-based control of risky privilege entitlements. Likewise, the IT security team requires comprehensive audit trails to keep track of privileged activities and prepare compliance reports. To sum up, enterprise privileged account security requires implementing the three “A”s: Authorization, Authentication and Audit Trails.

Only by maintaining the complete lifecycle of privileged accounts can organizations mitigate threats to data assets from malicious insiders or suspicious third-party users.

Conclusion

In a nutshell, partial privileged access management practice can be costly for organizations since it broadens security vulnerabilities. Organizations from small, mid-scale and large industries sometimes hold the mistaken notion that comprehensive privileged access control might not be a requirement, which invites risks to critical systems. Any organization can be a victim of an information breach under any circumstances at any time. Hence, it is always advisable to stay secure rather than be sorry, and to implement all three “A”s rather than practicing privileged access management in bits and pieces.